Cyber Defense Laboratory

Intrusion Alert Correlator (Version 0.2)

Introduction

This tool is designed to correlate
the alerts reported by commercial Intrusion Detection Systems (IDSs)
using the prerequisites and consequences of hyper-alerts defined in a
knowledge base: an earlier alert is linked to a later one when one of its
consequences satisfies a prerequisite of the later alert. The tool is written in Java.

4. Download the sample property
file, name it "Correlator.properties" and make some configuration
changes (change the dbDriver and dbURL and various file paths: knowledge
base path, Original_Graph_Output, ...);

5. Run the tool using the command
"java Correlator -Correlation userName password";

6. Use GraphViz to generate the graphs (dot -Tps darpa_dmz1.txt
-o outputFile.ps). The file name "darpa_dmz1.txt" is specified
in "Correlator.properties".
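The following is an added, self-contained illustration of the prerequisite/consequence correlation method described in the introduction and of the DOT graph text that step 6 hands to GraphViz. It is not the Correlator tool's own code: the hyper-alert types, predicate names, attribute names and the sample alerts are all constructed for this example, and the tool's actual knowledge-base format, database schema and output layout are not assumed.

```python
"""Toy prerequisite/consequence alert correlation (added example, not the
Correlator tool's own code).

Each hyper-alert type in the constructed knowledge base names the predicates
it requires (prerequisites) and the predicates it establishes (consequences).
Alert a1 "prepares for" alert a2 when some consequence of a1, instantiated
with a1's attribute values, equals a prerequisite of a2 instantiated with
a2's values, and a1 ends before a2 begins.  The edges are emitted as a
Graphviz DOT graph, the input format rendered with `dot -Tps`."""

from dataclasses import dataclass

# Constructed knowledge base: type -> predicate templates over attribute names.
KNOWLEDGE_BASE = {
    "SCAN":        {"prereq": [],
                    "conseq": [("ExistsHost", ("DestIP",))]},
    "VULN_PROBE":  {"prereq": [("ExistsHost", ("DestIP",))],
                    "conseq": [("VulnerableService", ("DestIP", "DestPort"))]},
    "EXPLOIT":     {"prereq": [("VulnerableService", ("DestIP", "DestPort"))],
                    "conseq": [("SystemCompromised", ("DestIP",))]},
    "DDOS_DAEMON": {"prereq": [("SystemCompromised", ("DestIP",))],
                    "conseq": [("DDoSReady", ("DestIP",))]},
}


@dataclass
class Alert:
    aid: str      # alert identifier (constructed)
    atype: str    # hyper-alert type, a key of KNOWLEDGE_BASE
    begin: int    # start time in seconds (relative, constructed)
    end: int      # end time in seconds
    attrs: dict   # attribute name -> value, e.g. {"DestIP": "10.0.0.5"}


def instantiate(templates, attrs):
    """Turn predicate templates into concrete facts using one alert's attributes."""
    return {(name, tuple(attrs[a] for a in args)) for name, args in templates}


def correlate(alerts):
    """Return the list of (earlier_id, later_id) 'prepare-for' edges."""
    edges = []
    for a1 in alerts:
        facts = instantiate(KNOWLEDGE_BASE[a1.atype]["conseq"], a1.attrs)
        for a2 in alerts:
            if a1.end >= a2.begin:          # a1 must finish before a2 starts
                continue
            needs = instantiate(KNOWLEDGE_BASE[a2.atype]["prereq"], a2.attrs)
            if facts & needs:               # a consequence satisfies a prerequisite
                edges.append((a1.aid, a2.aid))
    return edges


def isolated(alerts, edges):
    """Alerts that take part in no edge; candidates for lower-priority review."""
    linked = {a for e in edges for a in e}
    return sorted(a.aid for a in alerts if a.aid not in linked)


def to_dot(alerts, edges):
    """Render alerts and prepare-for edges as a Graphviz DOT digraph."""
    lines = ["digraph correlation {"]
    for a in alerts:
        lines.append(f'  "{a.aid}" [label="{a.atype}\\n{a.aid}"];')
    for src, dst in edges:
        lines.append(f'  "{src}" -> "{dst}";')
    lines.append("}")
    return "\n".join(lines)


# Constructed sample alerts, in time order.  p2 probes before the scan ends,
# so the scan does not prepare for it; e2 hits a host nothing else touched.
SAMPLE_ALERTS = [
    Alert("s1", "SCAN",        0, 10, {"DestIP": "10.0.0.5"}),
    Alert("p2", "VULN_PROBE",  5,  6, {"DestIP": "10.0.0.5", "DestPort": "111"}),
    Alert("p1", "VULN_PROBE", 20, 21, {"DestIP": "10.0.0.5", "DestPort": "111"}),
    Alert("e1", "EXPLOIT",    30, 31, {"DestIP": "10.0.0.5", "DestPort": "111"}),
    Alert("e2", "EXPLOIT",    35, 36, {"DestIP": "10.0.0.9", "DestPort": "111"}),
    Alert("d1", "DDOS_DAEMON", 40, 41, {"DestIP": "10.0.0.5"}),
]

if __name__ == "__main__":
    found = correlate(SAMPLE_ALERTS)
    print(to_dot(SAMPLE_ALERTS, found))   # pipe into: dot -Tps -o graph.ps
    print("# isolated:", isolated(SAMPLE_ALERTS, found))
```

Running the script prints a DOT graph in which s1 -> p1 -> e1 -> d1 forms one attack scenario, p2 joins it through e1, and e2 is reported as isolated because no earlier alert established the VulnerableService fact for its host. The same text, saved to a file, renders with the `dot -Tps` command from step 6.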